Operating System - HP-UX

Adding user with restrictions

 
Steve Ferrara
Advisor


How do you restrict a user to accessing your server strictly via ftp? Also, how do you restrict them to use one specific directory?

Thanks
Uday_S_Ankolekar
Honored Contributor
Solution

Re: Adding user with restrictions

Create user id with shell as /usr/bin/ftp and add /usr/bin/ftp to /etc/shells.
You can restrict to a particular directory by mentioning PATH=/restrictedDIR in the .profile file of the user's home directory and changing ownership of the .profile to root:bin

-USA..
Good Luck..
Sanjay_6
Honored Contributor

Re: Adding user with restrictions

Hi,

To restrict the user to have only ftp access, let the login shell for the user be set as /usr/bin/false and add this in the /etc/shells file. Also you can set up ftpaccess to set restrictions for the user.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000073346999

The itrc doc id is BC0814KBRC00007719.

Hope this helps.

Regds
Mel Burslan
Honored Contributor

Re: Adding user with restrictions

let's assume the username who will only have ftp access and nothing else is 'ftpuser'

useradd -m -s /usr/bin/false

edit password file using 'vipw' command and change the home directory of the user to /home/ftpuser/./ ,i.e., add a /./ at the end of whatever is already there

add /usr/bin/false to /etc/shells if it is not there already

if exists edit /etc/ftpd/ftpaccess file and add these lines :

class all ftpuser,guest *
guestgroup none

chmod 444 /etc/ftpd/ftpaccess
chown bin:bin /etc/ftpd/ftpaccess

vi /etc/inetd.conf

find the line beginning with ftp and, if it is not there already, add "-a" (without the quotes, of course) to the end. It should look like this:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

/usr/sbin/inetd -k
/usr/sbin/inetd -l
(which restarts inetd with the newly changed settings if you changed anything)

mkdir ~ftpuser/usr
mkdir ~ftpuser/usr/bin
chown bin:bin ~ftpuser/usr
chmod 555 ~ftpuser/usr
chown root:bin ~ftpuser/usr/bin
chmod 555 ~ftpuser/usr/bin
cp -p /sbin/ls ~ftpuser/usr/bin/ls

hope this helps

________________________________
UNIX because I majored in cryptology...
Mel Burslan
Honored Contributor

Re: Adding user with restrictions

oh, I realized that I made a typo on the user add line. it should have read:

useradd -m -s /usr/bin/false ftpuser

(must find coffeee...)
________________________________
UNIX because I majored in cryptology...
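
A check for the settings the steps above produce, as an added example that is not part of the original thread. The function name check_ftp_only, the sample uid/gid and the temporary file copies are assumptions made for illustration; point it at copies of /etc/passwd, /etc/shells and /etc/inetd.conf to audit a real account.

```shell
#!/bin/sh
# Added example: audit copies of the files the thread edits for one account.

# check_ftp_only USER PASSWD SHELLS INETD_CONF
# Prints one line per check and returns the number of failed checks.
check_ftp_only() {
    user=$1; passwd=$2; shells=$3; inetd=$4; fails=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL: $user not found in $passwd"; return 1
    fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # Login shell must be /usr/bin/false so no interactive session starts.
    if [ "$shell" = /usr/bin/false ]; then echo "ok:   shell $shell"
    else echo "FAIL: shell is '$shell'"; fails=$((fails + 1)); fi

    # Home directory must end in /./ as described in the thread.
    case $home in
        */./) echo "ok:   home $home" ;;
        *)    echo "FAIL: home '$home' lacks trailing /./"; fails=$((fails + 1)) ;;
    esac

    # /usr/bin/false must be listed in the shells file as a whole line.
    if grep -Fqx /usr/bin/false "$shells"; then echo "ok:   shell listed in $shells"
    else echo "FAIL: /usr/bin/false missing from $shells"; fails=$((fails + 1)); fi

    # The active (uncommented) ftp line must pass -a to ftpd, per the thread.
    if awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 }
            END { exit !ok }' "$inetd"
    then echo "ok:   ftpd started with -a"
    else echo "FAIL: no ftp line with -a in $inetd"; fails=$((fails + 1)); fi

    return "$fails"
}

# Constructed sample files (not from a real host) for a stand-alone run.
demo=$(mktemp -d)
echo 'ftpuser:*:105:20::/home/ftpuser/./:/usr/bin/false' > "$demo/passwd"
printf '%s\n' /sbin/sh /usr/bin/false > "$demo/shells"
echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$demo/inetd.conf"
check_ftp_only ftpuser "$demo/passwd" "$demo/shells" "$demo/inetd.conf"
```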